Skip to content

Incident Response Plan

This plan defines how Ouva identifies, triages, and resolves security and operational incidents.

Incidents can be reported through:

  • `security@ouva.co` for suspected security events
  • `help@ouva.co` for operational incidents and urgent support needs

Reports should include observed behavior, affected systems, timestamp, and any immediate risks.

Potentially abnormal behavior with no confirmed compromise or impact yet. Requires investigation on the standard operational cadence.

Credible threat or confirmed control weakness with likely material impact if not addressed quickly. Requires accelerated triage and responder coordination.

Confirmed active compromise or major service-impacting event with customer or business harm. Requires immediate incident command and continuous response until stabilized.

  1. Detect and triage: Validate report, classify severity, and assign incident owner.
  2. Contain: Limit spread, isolate affected systems, and preserve evidence.
  3. Eradicate and remediate: Remove root cause and apply corrective controls.
  4. Recover: Restore services and monitor for recurrence.
  5. Review: Run post-incident analysis and track follow-up actions.
  • Internal communications follow need-to-know access and approved secure channels.
  • Customer and partner notifications are coordinated based on contractual and legal requirements.
  • Regulatory and legal reporting is handled with external advisors when required.
  • Every High Risk and Critical incident receives a documented post-mortem.
  • Root-cause and corrective actions are tracked to completion.
  • Response procedures are reviewed periodically through scenario-based exercises and updated based on findings.

For operational monitoring and alerting capabilities, see Uptime, Availability & Monitoring.